-
A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling local attackers to escalate privileges to root level with minimal effort. Discovered by security researcher […] The post New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 under advisory ESA-2025-21, the flaw stems from improper neutralization of special elements in the Jinjava template engine. This issue affects multiple versions of ECE, potentially […] The post Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
As cybercrime continues to evolve, new adversaries and innovative tactics challenge defenders daily. The recently emerged threat group TA585 exemplifies this shift, deploying sophisticated malware campaigns that highlight the changing nature of the cyb…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware stealer logs for unauthorized system entry. This transition marks a significant change in both tactics and impact within the underground forums, affecting organizations and individuals worldwide. […] The post Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant data exposure incident has affected the cloud-based invoicing platform Invoicely, potentially compromising sensitive information belonging to customers worldwide. The exposed database contained 178,519 files in various formats including E…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits the widespread trust users place in the popular Homebrew package manager by creating pixel-perfect replicas of the official brew[.]sh installation page, complete with deceptive clipboard manipulation techniques. Security researchers have […] The post Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have discovered a fundamental vulnerability in OpenAI’s newly released Guardrails framework that can be exploited using basic prompt injection techniques. The vulnerability enables attackers to circumvent the system’s s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly identified pro-Russian hacktivist group has successfully infiltrated operational technology and industrial control systems belonging to critical infrastructure organizations, employing sophisticated techniques to steal login credentials and disrupt vital services. The threat actor, known as TwoNet, represents an emerging class of hacktivists who have expanded beyond traditional distributed denial-of-service attacks to target human-machine interfaces […] The post Pro-Russian Hacktivist Attacking OT/ICS Devices to Steal Login Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
